CVE-2023-5992

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-5992
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

5.9 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/security/cve/CVE-2023-5992 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2248685 Issue Tracking
https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:0966 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0967 Third Party Advisory
https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf Exploit Technical Description
Configurations

Configuration 1 (hide)

cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
History

09 Oct 2024, 15:07

Type Values Removed Values Added
CPE cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
First Time Redhat enterprise Linux For Arm 64 Eus
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux Server Aus
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux Eus
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux For Arm 64
Redhat enterprise Linux For Ibm Z Systems Eus
References () https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf - () https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf - Exploit, Technical Description
References () https://access.redhat.com/errata/RHSA-2024:0966 - () https://access.redhat.com/errata/RHSA-2024:0966 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0967 - () https://access.redhat.com/errata/RHSA-2024:0967 - Third Party Advisory

03 Sep 2024, 17:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/', 'name': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/', 'tags': [], 'refsource': ''}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/', 'name': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/', 'tags': [], 'refsource': ''}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/', 'name': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/', 'tags': [], 'refsource': ''}
  • () https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf -

23 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/ -

16 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/ -

26 Feb 2024, 16:27

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0966 -
  • () https://access.redhat.com/errata/RHSA-2024:0967 -

09 Feb 2024, 01:00

Type Values Removed Values Added
References () https://bugzilla.redhat.com/show_bug.cgi?id=2248685 - () https://bugzilla.redhat.com/show_bug.cgi?id=2248685 - Issue Tracking
References () https://access.redhat.com/security/cve/CVE-2023-5992 - () https://access.redhat.com/security/cve/CVE-2023-5992 - Third Party Advisory
References () https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 - () https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 - Vendor Advisory
CWE CWE-203
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.9
First Time Redhat enterprise Linux
Opensc Project
Opensc Project opensc
Redhat
CPE cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*

31 Jan 2024, 14:28

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-31 14:15

Updated : 2024-10-09 15:07

NVD link : CVE-2023-5992

Mitre link : CVE-2023-5992

JSON object : View

Products Affected

redhat

  • enterprise_linux
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_for_arm_64
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_eus
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
  • enterprise_linux_server_aus
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_arm_64_eus

opensc_project

  • opensc
CWE
CWE-203

Observable Discrepancy